This repository has been archived by the owner on Nov 11, 2019. It is now read-only.

describe privacy considerations, if any #13

Closed
17 tasks done
chaals opened this issue May 2, 2017 · 4 comments · Fixed by #19
Comments

@chaals
Collaborator

chaals commented May 2, 2017

From the W3C security and privacy questionnaire

  • Does this specification deal with personally-identifiable information?
  • Does this specification deal with high-value data?
  • Does this specification introduce new state for an origin that persists across browsing sessions?
  • Does this specification expose persistent, cross-origin state to the web?
  • Does this specification expose any other data to an origin that it doesn’t currently have access to?
  • Does this specification enable new script execution/loading mechanisms?
  • Does this specification allow an origin access to a user’s location?
  • Does this specification allow an origin access to sensors on a user’s device?
  • Does this specification allow an origin access to aspects of a user’s local computing environment?
  • Does this specification allow an origin access to other devices?
  • Does this specification allow an origin some measure of control over a user agent’s native UI?
  • Does this specification expose temporary identifiers to the web?
  • Does this specification distinguish between behavior in first-party and third-party contexts?
  • How should this specification work in the context of a user agent’s "incognito" mode?
  • Does this specification persist data to a user’s local device?
  • Does this specification have a "Security Considerations" and "Privacy Considerations" section?
  • Does this specification allow downgrading default security characteristics?
@chaals chaals self-assigned this May 2, 2017
chaals pushed a commit that referenced this issue May 3, 2017
fix #12
fix #13
all of these need review from the relevant groups.
@chaals
Collaborator Author

chaals commented May 3, 2017

The specification can make data, including high-value or PII data, more explicit, for improved harvesting. It doesn't distinguish first- or third-party or anonymous use: the data is ordinarily laid open to the Web. But it doesn't have special access to any data, and cannot expose anything not already available to the origin.

It is possible to use the explicit nature of microdata to adjust a DOM, serialise it, and record detailed information, however this does not open any new attack surface as far as I can tell.

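A way to see concretely what the "explicit nature of microdata" hands to any script that walks the DOM. The example below is added here and is not code from the issue, the spec or the repository: it serialises `itemscope`/`itemprop` markup into nested dicts with Python's stdlib HTML parser (a simplified form of the microdata-to-JSON conversion, without `itemref` or multi-name `itemprop` support) and then lists every property whose name suggests personal data, so a page author can review exactly which PII the markup makes machine-readable. The PII name list and the sample page are constructed for the example.

```python
from html.parser import HTMLParser
PII_PROPS = {"name", "email", "telephone", "streetAddress", "birthDate"}  # constructed list
VOID = {"meta", "link", "img", "br", "input"}  # void elements never get an end tag

class MicrodataParser(HTMLParser):
    """Collects itemscope/itemprop markup into nested {"type", "properties"} dicts (self.items)."""
    def __init__(self):
        super().__init__()
        self.items, self.prop, self.depth = [], None, 0
        self.stack = [(0, {"properties": {"items": self.items}})]  # sentinel root holding top items
    def _add(self, name, value):  # append a value to the innermost open item's property
        self.stack[-1][1]["properties"].setdefault(name, []).append(value)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.depth += tag not in VOID
        if "itemscope" in a:  # new item; when it carries itemprop it is the parent's value
            item = {"type": a.get("itemtype"), "properties": {}}
            self._add(a["itemprop"] if "itemprop" in a and len(self.stack) > 1 else "items", item)
            self.stack.append((self.depth, item))
        elif "itemprop" in a and len(self.stack) > 1:
            # As in the spec, meta/a/img values come from an attribute; otherwise from text.
            value = a.get("content") or a.get("href") or a.get("src")
            if value is not None:
                self._add(a["itemprop"], value)
            else:
                self.prop = (self.depth, a["itemprop"], [])  # collect text until the end tag
    def handle_data(self, data):
        if self.prop:
            self.prop[2].append(data)
    def handle_endtag(self, tag):
        if tag in VOID: return
        if self.prop and self.prop[0] == self.depth:  # a text property closes here
            self._add(self.prop[1], "".join(self.prop[2]).strip())
            self.prop = None
        if len(self.stack) > 1 and self.stack[-1][0] == self.depth:  # an item closes here
            self.stack.pop()
        self.depth -= 1

def explicit_pii(items, path=""):
    """Yield (property path, value) for each PII-named property, descending into nested items."""
    for item in items:
        for name, values in item["properties"].items():
            for v in values:
                if isinstance(v, dict):
                    yield from explicit_pii([v], f"{path}{name}.")
                elif name in PII_PROPS:
                    yield path + name, v
SAMPLE = """<div itemscope itemtype="https://schema.org/Person"><span itemprop="name">Alice Example</span>
<meta itemprop="email" content="alice@example.test"><div itemprop="address" itemscope
itemtype="https://schema.org/PostalAddress"><span itemprop="streetAddress">1 Example St</span></div></div>"""  # constructed sample
```

Running `list(explicit_pii(parser.items))` after feeding `SAMPLE` to a `MicrodataParser` yields the name, the e-mail and the nested `address.streetAddress`, which is the list an author would compare against the privacy section.
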
@chaals chaals closed this as completed May 3, 2017
@chaals chaals reopened this May 3, 2017
@chaals
Collaborator Author

chaals commented May 3, 2017

There is a proposed privacy section

@danbri danbri closed this as completed in #19 May 3, 2017
@chaals
Collaborator Author

chaals commented May 4, 2017

also, from https://www.w3.org/wiki/Privacy/Privacy_Considerations

  • can the information be used (alone or in combination with other APIs / sources of information) to fingerprint a device or user? No more than already so.
  • can a user access the information she created? Only by adding interactivity to create stuff.
  • can a user record that information locally? Depends if the application allows that
  • am I able to have actions on this personal record? Depends ditto
  • can a user block partly or totally the record of the information? Other than automatically available info, yes
  • can a user fake it? (think about fuzzy geolocation or voluntary fake location) Probably some, but not automatic info
  • Is the data personally-derived, i.e. derived from the interaction of a single person, or their device or address? (If so, even if anonymous, it might be re-correlated) Probably, but depends on the application
  • Does the data record contain elements that would help such re-correlation? (examples include an IP address, and so on) Depends on the application
  • What other data could this record be correlated with? (e.g. the ISP) Any
  • If you had large amounts of this data about one person, what conclusions would it enable you to draw? (e.g. maybe you could estimate location from many ambient light events by estimating latitude and longitude from the times of sunrise and sunset) Nothing special based on this spec.
  • Is the user likely to know if information is being collected? Only from best practice applications
  • How visible is its collection and or use? Depends on the application
  • Does the user get feedback on the patterns that the information could reveal (at any instant, over time) so she can adjust her behaviours? No
  • if a background event about the device is fired in all browsing contexts, does it allow correlation of a user across contexts? Not sure
  • can code on a page send signals that can be received by device sensors on nearby devices? Nothing in the spec makes that easier

@chaals
Collaborator Author

chaals commented May 4, 2017

Help wanted:
If a background event about the device is fired in all browsing contexts, does it allow correlation of a user across contexts?
